The Internet of Things is ushering in a Jetson-like future in which almost every device is capable of connecting to the Internet and is redefining the way humans interact with their immediate environments.
At the same time, the transition from closed networks to enterprise IT networks to the public Internet is accelerating at an alarming pace – and justly raising alarms about security. As people become increasingly reliant on intelligent, interconnected devices, how can IoT providers and technology and IT services firms protect potentially billions of these devices from intrusions and interference that could compromise personal privacy or threaten public safety?
Security is paramount for the safe and reliable operation of IoT-connected devices. Network firewalls and protocols can manage the high-level traffic resulting from the explosion of data, but what is the best way to protect deeply embedded endpoint devices, such as home security systems, thermostats, and refrigerators? By 2020, Gartner predicts, the IoT will be made up of 26 billion things. Fortunately, because the IoT is in its infancy, there’s still time to secure devices before consumers are at risk.
There’s not much in terms of security that can be added to a device as an afterthought. These heterogeneous devices come in sizes large and small and, when unmanaged, can easily (and unintentionally) spill their informational guts and provide unauthorized network access. Because of the variety of devices and the varying complexity of each, there is no one-size-fits-all approach. Manufacturers, working with IT services firms, need to ensure that each device is secure unto itself; it is no longer sufficient to deploy the device in a secure network. Security must be addressed throughout a device’s lifecycle, from initial design to operational environment.
The initial steps in the process include secure booting to verify the authenticity and integrity of a device, followed by secure communication. Most IoT devices don’t have the computing power to support full disk encryption, but sensitive data needs to be protected. When the device is plugged into a network, it should authenticate itself; machine authentication should be required for all devices connected to the network. Devices also need embedded firewalls to control traffic and terminate any that is potentially harmful or malicious.
Devices in production must meet basic security standards, such as Data at Rest protection, which is the encryption of sensitive data. Efforts are constantly being made to create secure IoT ecosystems. This includes an end-to-end security management and analytics platform that serves several purposes: authenticating communication, protecting applications, securing devices, and managing and updating devices remotely, even in resource-limited environments.
Device makers, application developers, and IT services firms must be vigilant in carving out secure systems within an Internet that is public and vulnerable to a continuing stream of intrusions. Security measures are constantly evolving to ward off threats, and they will be vital to underpinning the short- and long-term success of IoT efforts.
Robert Hallahan is vice president of solutions architecture at Xavient Information Systems (www.xavient.com).
Edited by Ken Briodagh